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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address — 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )KI Responsive to communication(s) filed on 30 November 2009 . 
2a )□ This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-91 is/are pending in the application. 

4a) Of the above claim(s) 36-68 and 80-87 is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) |EI Claim(s) 1-35,69-79 and 88-91 is/are rejected. 

7) 0 Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

20 Certified copies of the priority documents have been received in Application No. . 

3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attach ment(s) 

1) D Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO/SB/08) 5 ) □ Notice of Informal Patent Application 

Paper No(s)/Mail Date . 6) □ Other: . 

'TOL-326 (Rev. 08-06) Office Action Summary Part of Paper No./Mail Date 20100509 
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Response to Arguments 

Applicant's arguments filed 1 1/30/2009 with respect to prior art rejection of claims 1 - 35 
have been fully considered and are persuasive. The prior art rejection of 1 - 35 has been 
withdrawn. However, upon further consideration, a new ground(s) of rejection is made in view of 
35 USC 112 Second paragraph. 

Applicant's arguments filed 1 1/30/2009 with respect to double patenting rejection of 
claims 1 - 35, 69 - 79 and 88 - 91 with Patent 7,535,909 have been fully considered and are 
persuasive. The double patenting rejection of 1 - 35, 69 - 79 and 88 - 91 has been withdrawn. 



Applicant's arguments with respect double patenting rejection of claims 1 - 35, 69 - 79 
and 81 - 91 with copending application 11/271,133 have been fully considered but they are not 
persuasive. Examiner respectfully submits that 

"obtaining a collection of data items to be analyzed to identify the network 
attack, wherein said data items are parts of message that were sent over 
a data network", is analogous to "obtaining routing information from a 
packet communicated via a network, the routing information including a 
source address and a destination address", regardless of the wording, 
further data items are at least "a source and a destination address" 
(further recited/disclosed in instant dependent claims); 
"reducing said data item in said collection to reduce said data collection to 
a reduced data collection of reduced data items, wherein the reduced 
data items in the reduced data collection have a smaller size and a 
constant predetermined relation with data items in the data collection and 
at least some of the data items in the data collection that differ are 
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reduced to the same reduced data item", is analogous to "maintaining a 
count of packets associated with a device associating with the routing 
information", regardless of the count of packets still maps to the instant 
limitation "reduced data item monitoring messages directed to specific 
computers" as recited and disclosed in instant dependent claims; 
"analyzing ... identifying common content indicative of the previously 
known network attack", is analogous to "identifying the device as a 
potentially malicious device when the count exceeds a threshold; 
mapping the source address into a source infected set and mapping the 
destination address into a destination infected set" and "selectively 
categorizing the source device associated with the packet as a suspicious 
device", regardless of the wording, further the claimed instant limitation 
disclosed/explicitly recited in instant dependent claims as "determining a 
list of first computers that are susceptible to a specified attack"; 
perhaps the only difficult difference that makes use of the alleged 
invention is "sending the common content to one or more of a signature 
blocker and a signature manager for use as a new signature in identifying 
the previously unknown intrusive network attack" vs. "adding the source 
address to the source infected set and adding the destination address to 
the destination infected set", the copending claims add the source and 
destination computers/devices infected set, where as the instant invention 
further adds the new signature to the list of previously unknown intrusive 
network attack list. 
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Therefore, the main, and arguably only, difference is the structure used to 
make the determination of adding the source and destination addresses 
has been claimed in the instant claims more specifically by adding the 
previously unknown signature to the network attack list, it merely a 
substitution of what is used to make the detecting/identifying the network 
attack. Applicant's arguments are not persuasive and Examiner 
respectfully maintain the double patenting rejection with the copending 
application 1 1/271,133 (please refer the office action mailed on 
10/22/2009. 



Allowable Subject Matter 

Claims 1 - 35, 69 - 79 and 88 - 91 are allowed, if a terminal disclaimer is filed to 
overcome the double patenting rejection with the copending application 1 1/271,133. 

Any comments considered necessary by applicant must be submitted no later than the 
payment of the issue fee and, to avoid processing delays, should preferably accompany the 
issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons 
for Allowance." 

Conclusion 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to PRAM I LA PARTHASARATHY whose telephone number is (571)272- 
3866. The examiner can normally be reached on 8:00a.m. to 5:00p.m.. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami can be reached on 571-272-4195. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Pramila Parthasarathy/ 
Primary Examiner, Art Unit 2436 



